V4VC™ Security

​1. How secure is V4VC™and what is the implementation?

In order to securely reward users with currency, AdColony's V4VC™ server verification system requires developers to operate a server for the purpose of persistently tracking users’ virtual currency balances, providing access to balance information to the mobile application, and processing AdColony V4VC™ currency awards. This virtual currency server allows the implementation of an end-to-end currency award process, maintaining security at all stages.

You may implement V4VC™ on the client, without a remote server and API. However, that solution is not fully secure, as the client can always be hacked. We recommend a server-side solution, but if that is not possible, then you will need to reward your users via code in your app when notified by the AdColony SDK and make an effort to secure this on the client.Back to Top

​2. What is the secure server verification process exactly?

The secure currency award process begins when a user finishes viewing an advertisement displayed by an AdColony zone configured to use V4VC™. When the AdColony SDK residing in a developer’s mobile application reports a completed video view to our AdColony servers, the server uses developer-supplied configuration data to create a URL pointing to the developer’s server.

The V4VC™ URL is essentially a token that can be used once in order to award a specific user with a specified amount of virtual currency. This URL includes data describing the currency award that the server should perform, which specifies unique user identifying information as well as currency amount and type. The URL also includes two security features to prevent abuse of the V4VC™system. One is a unique identifier number; this allows the developer’s server to deny repeated uses of the same URL. The other security feature is a message hash that combines the application’s secret key with the rest of the URL data; this allows the developer’s server to ensure that the URL was created by the AdColony servers.

Once created, the V4VC™ URL is returned to the AdColony SDK residing within the developer’s mobile application. The AdColony SDK accesses the URL to contact the developer’s server. At this point, the developer’s server verifies the integrity of the URL, and then performs the requested currency award. Once complete, it returns a success or failure message to the AdColony SDK, which in turn relays this information to the developer’s code within the developer’s mobile app.

When notified of currency award success, the developer’s code within the mobile app contacts the developer’s server and retrieves an updated currency balance to display to the user.

Implemented properly, this end-to-end system prevents tampering with currency awards within the AdColony V4VC™ system. While there is the additional burden for developers of maintaining and operating a virtual currency server, a secure virtual currency server ensures that currency balances cannot be modified by users in order to avoid paying for content.